Classification

Category: Malware

Type: -

Aliases: Swamp

Summary

This is not a virus, but a hoax which was originally distributed on April Fools' Day in 1996. Ignore it.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Here's the original hoax:

---HOAX MESSAGE STARTS---

SWAMP VIRUS

Synopsis

A new extremely threatening virus has been discovered. Its key features are

  • it is a hardware based virus
  • it can be transmitted over any communications network
  • it does not require executable code to travel
  • it is a targetable virus i.e. the virus can be set to target a particular PC or group of PCs
  • it is immune to existing anti-virus software

Introduction

This is a brief paper summarising what is known about the new virus. Techniques for preventing infection are proposed.

Virus Description

The new virus has become known as the Swamp Virus. Its official reference number is 01/0496.

Type

The Swamp Virus is a hardware based virus. It attacks the internal hardware of the PC causing electrical problems. These in turn cause software problems rendering the PC completely unusable. In many cases the PC will become usable again once it has got over the "attack"; in others the PC is effectively destroyed.

Transport

The Swamp Virus can only be transmitted directly over the Internet or other communications network. It does not have to be executable code; it can be carried on any data stream whatsoever. It cannot be conducted from PC to PC via floppy disk.

Technique

It works by utilising TCP/IP, the communications and internetworking protocols, at a very low level. Indeed it is attached to data streams at the bit level.

Background

Experts in many countries have been working on ways to improve the carrying capacity, or bandwidth, of existing networks using techniques such as multiplexing. Scientists from the Avril Institute in Bern, Switzerland, have developed a technique whereby a small number of molecules of various substances can be attached to data at the bit level. Their goal is to cease using the bit as a data item and to use it merely as a carrier for the data. The data is physically mapped onto the molecules using the protons and electrons, the neutrons and neutrinos being used for control information and parity checking. Use of this technique will expand the capacity of a network by the data capacity of the molecules. The data carrying capacity of the bit will depend on the size of the attached molecules. The only identified drawback with this development is that a high speed communications link is required. This is because the molecules must remain in a gaseous state to stay attached to the bit. To remain in this state they require the friction - and consequent heat - developed by the high speed link. As soon as the friction and heat are removed the molecules condense and lose their data carrying capacity as well as their attachment to the bit.

Impact

This technological advance has been seized upon by an Anarchist Hacker Group - the April I Group. They have stolen equipment from the Avril Institute and have been using it to attach water molecules in a gaseous form to the bit streams generated by TCP/IP when sending emails. As soon as the email is received by your PC it loses the friction from the high speed link and the water molecules condense within the data bus on the motherboard.

This causes electrical problems, and, in the case of large emails, total destruction of the motherboard due to "swamping".

Risk

It is believed that the April I Hacker Group are planning to flood the Internet with vast quantities of email messages during the early part of April with particular emphasis being placed on the 1st - the anniversary of the day their self-appointed leader was arrested and charged with breaking out of a secure Government computer system.

Protection

It is strongly recommended that you do not receive any email on that day. This will provide 100% protection for your PC. Unfortunately, however, it is thought that many of the hundreds of mail servers on the Internet may suffer damage as your email messages are held by them pending retrieval. As your messages will be held on disk, the absence of friction over the communications network will cause the water molecules to condense from their gaseous form, damaging the motherboards on the mail servers.

Emails received after this date will be quite safe as the attached water molecules will have already condensed from the email bit stream.

Further information can be obtained from Professor P. Ranque at the Avril Institute. Email p_ranque@avril.fuel.edu

---HOAX MESSAGE ENDS---